David Shaw wrote:
> On Mon, Oct 10, 2005 at 06:58:03PM +0100, Ben Laurie wrote:
>> Daniel A. Nagy wrote:
>>> On Mon, Oct 10, 2005 at 03:30:29PM +0100, Ben Laurie wrote:
>>>> That mantra has shown to be a less than great idea recently, since it
>>>> promotes interestingly obscure security holes, so I still would like to
>>>> know what the correct behaviour is, and I'd like the I-D to accurately
>>>> document that behaviour.
>>> In that case, the empty line should be mandated,
>> I agree.
> As do I, but it seems to me that it is already mandated. Section 6.2
> (Forming ASCII Armor) mandates the line. Section 7 (Cleartext
> signature framework) refers to "The ASCII armored signature(s)".
> Doesn't it then follow that the armored signature (like all armor)
> mandates the line? Am I reading into something that isn't there?

I guess careful reading supports this, but the fact that it explicitly
mentions Header and Tail Lines but _not_ the headers is confusing.
Also, it seems quite a few implementations miss them out, so I'm not the
only confused one.

Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
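
As an added illustration, not part of the original message or of any implementation discussed in the thread: a strict structural check for an ASCII-armored block that rejects armor lacking the blank line after the armor headers, which is the reading the thread converges on. The function name `check_armor` and the sample blocks are constructed for this example; it checks layout only and does not decode the data or verify the checksum.

```python
import re

BEGIN = re.compile(r"^-----BEGIN PGP [A-Z0-9 ,/]+-----$")   # armor header line
END = re.compile(r"^-----END PGP [A-Z0-9 ,/]+-----$")       # armor tail line
HEADER = re.compile(r"^[A-Za-z0-9-]+: ")                    # armor header, "Key: Value"
BASE64 = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")              # one line of armored data
CHECKSUM = re.compile(r"^=[A-Za-z0-9+/]{4}$")               # optional "=XXXX" line


def check_armor(text):
    """Return 'ok' or a string naming the first structural problem found."""
    lines = text.splitlines()
    if not lines or not BEGIN.match(lines[0]):
        return "missing header line"
    i = 1
    while i < len(lines) and HEADER.match(lines[i]):
        i += 1
    # Strict reading: a blank (empty or whitespace-only) line must separate
    # the armor headers from the data, even when there are no headers at all.
    if i >= len(lines) or lines[i].strip() != "":
        return "missing blank line"
    i += 1
    while i < len(lines) and BASE64.match(lines[i]):
        i += 1
    if i < len(lines) and CHECKSUM.match(lines[i]):
        i += 1
    if i != len(lines) - 1 or not END.match(lines[i]):
        return "bad data or tail line"
    return "ok"


# Constructed sample blocks; the base64 body is placeholder data, not a real signature.
def block(*middle):
    return "\n".join(["-----BEGIN PGP SIGNATURE-----", *middle,
                      "AAAAAAAAAAAAAAAAAAAAAAAA", "=AAAA",
                      "-----END PGP SIGNATURE-----"])

WITH_HEADER_AND_BLANK = block("Version: Example 1.0", "")
NO_HEADER_WITH_BLANK = block("")
WITH_HEADER_NO_BLANK = block("Version: Example 1.0")
NO_HEADER_NO_BLANK = block()   # the form some implementations emit

if __name__ == "__main__":
    for name in ("WITH_HEADER_AND_BLANK", "NO_HEADER_WITH_BLANK",
                 "WITH_HEADER_NO_BLANK", "NO_HEADER_NO_BLANK"):
        print(name, "->", check_armor(globals()[name]))
```

A lenient parser that accepts the last two forms has to guess where headers stop and data starts, which is the kind of ambiguity the thread wants the I-D to rule out.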